The furore over the AT&T iPad 3G security breach continues, with news from some researchers that the data proved accessible from the carrier’s systems could have more significant implications than merely revealing their email addresses. Meanwhile, one of the hackers of so-called Goatse Security – who identified the AT&T flaw and were promptly branded “malicious” by the carrier – has been arrested after FBI officials discovered drugs in his home following execution of a search warrant.
According to Ars Technica‘s sources, the ICC-IDs (basically the serial numbers for each SIM card) unearthed through AT&T’s systems, while on their own relatively mundane, are often used to calculate a user’s IMSI (International Mobile Subscriber Identity). Depending on the complexity of the system used to translate that ICC-ID into the IMSI – sometimes as straightforward as “combine this hard-coded value with the last nine digits of the ICC-ID” – hackers could discover the codes and use them to physically locate iPad 3G owners or create spoof cell towers to intercept data.
AT&T for their part are declining to comment on the possibilities, and nor is it clear what prompted the warrant for Goatse Security’s search; the FBI had previously been tipped to be investigating the case. Team member Andrew Auernheimer faces four felony charges of possession of a controlled substance and one misdemeanor possession charge; a hearing will be held on June 18th.